Information Security Management Policy

Enerjisa agrees that all the information collected and processed by all means and belongs to the Company and its stakeholders shall be considered as critical assets and pays utmost attention and attaches great importance to protect them.

Thus, Enerjisa effectively implements the Corporate Information Security Management System based on ISO/IEC 27001 Information Security Management System standard.

The main purpose of corporate information security is to ensure the confidentiality, integrity and availability of any information collected and processed by Enerjisa. The fundamental goal of the corporate information security is to design, implement, monitor, and continuously improve the processes in order to avoid any pecuniary and non-pecuniary damages that may emerge and have impacts on Enerjisa and its stakeholders due to the nature of the Enerjisa’s operations; identify these damages as soon as they emerge and minimise the possible impacts.

Regardless of their positions or assignments, all Enerjisa employees and related third parties shall abide by the practices, policies and procedures of Enerjisa related to information security. Violation of corporate information security policies and procedures may result in disciplinary actions and sanctions as part of the related legislation.

Managers of departments are primarily responsible for taking all necessary measures and supervising work activities in their areas of responsibility in order to ensure compliance with corporate information security policies and procedures.

Enerjisa commits that the Company shall meet all prevailing requirements regarding information security, comply with any and all legislation, laws, communiqués and regulations that the Company shall abide, and continuously improve its Information Security Management System.